CVE Program Almost Unfunded – Schneier on Security – Tech Journal

CVE Program Almost Unfunded

Mitre’s CVE program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security didn’t renew the contract. It was funded for eleven more months at the last minute.

This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities. It’s kind of crazy to think that the US government might damage its own security in this way—but I guess no crazier than any of the other ways the US is working against its own interests right now.

Sasha Romanosky, senior policy researcher at the Rand Corporation, branded the end to the CVE program as “tragic,” a sentiment echoed by many cybersecurity and CVE experts reached for comment.

“CVE naming and assignment to software packages and versions are the foundation upon which the software vulnerability ecosystem is based,” Romanosky said. “Without it, we can’t track newly discovered vulnerabilities. We can’t score their severity or predict their exploitation. And we certainly wouldn’t be able to make the best decisions regarding patching them.”

Ben Edwards, principal research scientist at Bitsight, told CSO, “My reaction is sadness and disappointment. This is a valuable resource that should absolutely be funded, and not renewing the contract is a mistake.”

He added, “I’m hopeful any interruption is brief and that if the contract fails to be renewed, other stakeholders within the ecosystem can pick up where MITRE left off. The federated framework and openness of the system make this possible, but it’ll be a rocky road if operations do need to shift to another entity.”

More similar quotes in the article.

My guess is that we’ll somehow figure out how to transition this program to continue without the US government. It’s too important to be at risk.

EDITED TO ADD: Another good article.

Posted on April 16, 2025 at 11:19 AM • 26 Comments
